FBLocker Ransomware

If you have found Mark Zuckerberg looking at you straight from your Desktop, and it is impossible to access personal files, FBLocker Ransomware must have infiltrated your computer. This malicious application does not steal Facebook passwords or lock users out of their accounts. Instead, it focuses on the encryption of users’ personal files. Surprisingly, it does not want users’ money. Unfortunately, this also means that users cannot purchase the decryption tool from its author and then use it to unlock their files. Most probably, the ransomware infection has only been developed to cause problems to users. Even though the decryption tool cannot be purchased from cyber criminals, you must remove the ransomware infection no matter what. It does not create any modifications that would allow it to start working on System Startup, but you might launch it again accidentally by simply double-clicking on the malicious file. If the ransomware infection is executed, it will encrypt more files and display the image of Mark Zuckerberg again.

FBLocker Ransomware has been developed to lock files on affected computers, so it will perform this activity right away if it ever gets a chance to enter it. Most probably, you will find almost all personal files encrypted, including your important documents and a bunch of media files. According to researchers who have analyzed FBLocker Ransomware, it should affect files in %USERPROFILE%\Documents, %USERPROFILE%\Pictures, %USERPROFILE%\Music, %USERPROFILE%\Videos, and %USERPROFILE%\Desktop. All encrypted files will get the .facebook extension, but we can assure you that this threat is not associated with Facebook in any way. Once files are locked, the ransomware infection opens a picture of Mark Zuckerberg. It also contains a message for users in two languages: Russian and English. First, users are explained what the reason they cannot open their files is. Then, they find out that it is impossible to recover these affected files. Our specialists agree that there are no guarantees that you will restore your files because a unique AES key is used per file. In other words, users need to have a bunch of keys in their hands to be able to decrypt all these affected files. As mentioned, they cannot be purchased from cyber criminals. Because of this, we believe that data recovery is only possible if you have a backup with these encrypted files. We are not going to lie – it is not very likely that free decryption software will be soon developed by specialists.

What about the distribution of FBLocker Ransomware? FBLocker Ransomware is not distributed actively, but it might still enter your system if you act in a careless way and, additionally, keep your system unprotected. It does not mean that users cannot prevent ransomware infections from entering their computers. There are several pieces of advice we have for users who do not want to end up with malware. First, stop downloading applications from dubious websites starting today. Second, do not go anywhere near spam emails and do not check attachments they hold or links they contain. Finally, malware can be downloaded and executed by another infection active on the system, so always keep your PC clean. It is, without a doubt, not easy to prevent malware from entering the system in all the cases, so you should also keep a security application active on your computer. Unfortunately, if you have already found .facebook appended to your files, it means that you have already encountered the ransomware infection and cannot turn the clock back.

Your system is not a good place for ransomware even if it is one of those threats that do not create a point of execution because you might launch it accidentally. In this case, more files will be encrypted. The removal of the ransomware infection might seem harder than it actually is. To remove FBLocker Ransomware, you, first, need to open Task Manager and kill the malicious process. Second, it is very important to delete all suspicious recently downloaded files to get rid of the launcher (it is usually a malicious executable file) of the ransomware infection. The ransomware infection can also be disabled with an antimalware scanner. The latter is, of course, an easier malware removal method.

How to delete FBLocker Ransomware

Launch Task Manager by pressing Ctrl+Shift+Esc.

Open the Processes tab.

Check all listed processes and kill those suspicious ones.

Open Windows Explorer by pressing Win+E.

Delete suspicious files from %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, and %TEMP% (type the directory in the Explorer’s URL bar and then tap Enter on your keyboard to access it).